1) Who we are & how to contact us

Controller: DGecko Design & Concept Studio, Ho Chi Minh City, Vietnam.
Email: hello@d-gecko.com | Tel: +84 915 189 935.

2) Scope

This Policy applies to the website and to personal data you share with us through forms, emails, or during delivery of our services (design, branding, web, photography, video). If a client contract or NDA includes stricter terms, those prevail for that project.

3) What we collect

We collect the personal data described below under applicable privacy laws (including the GDPR and Vietnam’s data protection laws).

• Contact form data: first/last name, company, job title, phone, email, subject, country, selected service, message.
• Usage & device data: IP address, device/browser, pages visited, timestamps; cookies/SDKs (e.g., Google Analytics, Meta Pixel) if enabled.
• Project data (clients): brand assets, briefs, references, approvals, deliverables necessary to perform the contract.

4) How we collect it

• Directly from you (forms, email, meetings, file transfer).
• Automatically via the site (cookies, logs, analytics).
• From your team/partners when you ask us to coordinate.

5) Why we process your data

We process your personal data only where a legal basis applies. Depending on your location and the activity, those bases are: contract (including pre-contract steps), legitimate interests (e.g., site improvement and security), consent (where required, e.g., analytics/marketing), and legal obligations.

• Respond to enquiries & provide quotes — contract/pre-contract steps.
• Deliver projects & support — contract.
• Improve the site & measure performance — legitimate interests; consent where required.
• Light B2B marketing — consent where required; you can opt out anytime.
• Legal compliance & security — legal obligation or legitimate interests.

6) Cookies & tracking

We may use cookies/SDKs for functionality, analytics, and limited marketing measurement. Where required, we show a cookie banner and honor your choices; you can also control cookies in your browser. (Tip: we block non-essential tags until consent.)

7) Sharing & processors

We share data with vetted service providers (hosting, email, analytics, CRM, file delivery, payment/anti-spam) under confidentiality and data-processing terms. We may disclose data to comply with law or to protect rights and safety.

8) International transfers

Your data may be processed outside Vietnam (e.g., cloud hosting/SAAS). When we transfer personal data, we use appropriate safeguards (contractual terms, minimal access, encryption). For Vietnam, cross-border transfers are regulated (currently under Decree 13/2023 with assessment/notification duties; PDPL will replace/augment these from Jan 1, 2026). We will comply with the applicable regime.

9) Retention

• Enquiry records: up to 24 months after the last interaction, unless you ask us to delete sooner.
• Client/project records: per contract and business needs; deliverables retained per your retention terms (default 6 months, or longer if you purchase archival).
• Logs/analytics: typically 12–24 months per tool defaults.

10) Security

We apply reasonable technical/organizational measures: least-privilege access, strong authentication, encryption in transit, vetted vendors, and monitored backups. No method is 100% secure, but we work to reduce risk.

11) Your rights

Depending on your location (e.g., Vietnam; EU/EEA), you may request: access, correction, deletion, restriction, portability, or objection, and withdraw consent at any time. We’ll respond within the legally required timeframe. (For EU visitors, this maps to GDPR Chapter 3; Vietnam has parallel rights under Decree 13 and the incoming PDPL.)

12) Children

Our site/services are not directed to children. We don’t knowingly collect data from persons under 16. If you believe we have, contact us to delete it.

13) Third-party sites & social media

Our site may link to third-party sites or embed social tools. Their privacy practices are their own; please review their policies.

14) Changes to this Policy

We may update this Policy periodically. When we do, we update the date above and, if material, display a notice on the site.

15) Contact for privacy requests

Email: hello@d-gecko.com. We may ask for information to verify your identity before acting on a request.

For EU visitors, ‘lawful bases’ refers to GDPR Art. 6(1)(a)–(f).